Skip to main content
  1. Home
  2. Computing
  3. News

Trend Micro does a deep dive into Hacking Team’s Open Type Font exploit

By

hacking team helped malware hackingteam
Image used with permission by copyright holder
The Italy-based, malware-making digital security company Hacking Team recently had to wipe a lot of egg from its face when its website was vandalized; its Twitter account hijacked; and hundreds of gigabytes of source code, emails, and internal documents made public following a hack of its servers. Part of what came out of the data dump was that it had been providing malware to many different governments around the world, some of which are criticized for their oppressive regimes and human rights abuses.

One of the pieces of nefarious software which Hacking Team created used an exploit in the open font type manager module — ATMFD.dll — provided by Adobe. As Trend Micro explains in its blog post, the reason this could be exploited is because, while the module is processing font data, there’s a buffer underflow, because of a signed number extending.

Recommended Videos

Since the font’s buffer can be prepared by an attacker, this allows it to send commands and content to the front of the input buffer, which ultimately gives them a foot in the door of the system they’re going after.

Please enable Javascript to view this content

This is just one of many different exploits which Hacking Team took advantage of in the creation of its various tools and tricks, which it sold to governments such as Sudan, United Arab Emirates, and Singapore. Another popular one used a vulnerability in Adobe’s Flash Player version 9 or later and works on almost every browser, including Internet Explorer, Chrome, Firefox and Safari.

Related

The bug has apparently been there for years and hasn’t been patched, since it’s still present in the latest version of Flash. However, we can rest easy to some extent, as this sort of attack hasn’t been tracked in the wild apart from one specific instance in the recent past.

Trend Micro was also keen to point out in its breakdown of these threats that its software should provide protection against them … though you would expect it to say that.

Editors’ Recommendations

Topics
Jon Martindale
Jon Martindale
Evergreen writer
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
I played Black Myth: Wukong on the new MSI handheld to prove it was possible
Black Myth: Wukong running on the MSI Claw 8 AI+.

I scoffed when MSI put the Claw 8 AI+ in my hands with Black Myth: Wukong selected. I'd spent 80 hours in the game on my full desktop packing an RTX 4090, and I knew just how demanding the game was. It's a pipedream for a handheld gaming PC.

I pressed Continue and loaded up at the Pool of Shattered Jade rest point -- the ideal spot to farm; if you know, you know -- and proceeded to run up to the cocoons spotted around the area, unleash my spirit ability, and run back. Sitting in a dimly-lit New York City bar, I continued the loop a few more times. I'd done plenty of farming in the game before.

Read more
This is the GPU I’m most excited for in 2025 — and it’s not by Nvidia
The AMD Radeon RX 7900 XTX graphics card.

The next few months will completely redefine every ranking of the best graphics cards. With Nvidia's RTX 50-series and AMD's RDNA 4 most likely launching in January -- and even Intel possibly expanding its Battlemage lineup -- there's a lot to look forward to.

But as for me, I already know which GPU I'm most excited about. And no, it's not Nvidia's rumored almighty RTX 5090. The GPU I'm looking forward to is AMD's upcoming flagship, which will presumably be the RX 8800 XT (or perhaps the RX 9070 XT). Below, I'll tell you why I think this GPU is going to be so important not just for AMD but also for the entire graphics card market.
Setting the pace

Read more
Google Street View camera captures highly suspicious act, leading to arrests
The Google Street View image showing someone loading a large bundle into the trunk of a car.

Imagery from Google’s Street View has reportedly helped to solve a murder case in northern Spain.

Street View is the online tool that lets you view 360-degree imagery captured by cameras mounted on Google’s Street View cars that travel the world.

Read more